sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/WildcardPermission.java - incubator-sentry - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 // copied from apache shiro

 package org.apache.sentry.provider.file;

 import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
 import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;

 import java.io.Serializable;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.List;

 import org.apache.commons.lang.text.StrSubstitutor;
 import org.apache.sentry.core.AccessConstants;
 import org.apache.sentry.core.Authorizable.AuthorizableType;
 import org.apache.shiro.authz.Permission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Lists;

 // XXX this class is made ugly by the fact that Action is not a Authorizable.
 public class WildcardPermission implements Permission, Serializable {
   private static final Logger LOGGER = LoggerFactory
       .getLogger(WildcardPermission.class);
   private static final long serialVersionUID = -6785051263922740818L;

   private final ImmutableList<KeyValue> parts;

   public WildcardPermission(String wildcardString) {
     wildcardString = Strings.nullToEmpty(wildcardString).trim();
     if (wildcardString.isEmpty()) {
       throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
     }
     List<KeyValue>parts = Lists.newArrayList();
     for (String authorizable : AUTHORIZABLE_SPLITTER.trimResults().split(wildcardString)) {
       if (authorizable.isEmpty()) {
         throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
       }
       parts.add(new KeyValue(authorizable));
     }
     if (parts.isEmpty()) {
       throw new AssertionError("Should never occur: " + wildcardString);
     }
     this.parts = ImmutableList.copyOf(parts);
   }


   @Override
   public boolean implies(Permission p) {
     // By default only supports comparisons with other WildcardPermissions
     if (!(p instanceof WildcardPermission)) {
       return false;
     }

     WildcardPermission wp = (WildcardPermission) p;

     List<KeyValue> otherParts = wp.parts;
     if(equals(wp)) {
       return true;
     }
     int index = 0;
     for (KeyValue otherPart : otherParts) {
       // If this permission has less parts than the other permission, everything
       // after the number of parts contained
       // in this permission is automatically implied, so return true
       if (parts.size() - 1 < index) {
         return true;
       } else {
         KeyValue part = parts.get(index);
         // are the keys even equal
         if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
           return false;
         }
         if (!impliesKeyValue(part, otherPart)) {
           return false;
         }
         index++;
       }
     }
     // If this permission has more parts than
     // the other parts, only imply it if
     // all of the other parts are wildcards
     for (; index < parts.size(); index++) {
       KeyValue part = parts.get(index);
       if (!part.getValue().equals(AccessConstants.ALL)) {
         return false;
       }
     }

     return true;
   }

   private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
     Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
         "Please report, this method should not be called with two different keys");
     if(policyPart.getValue().equals(AccessConstants.ALL) || policyPart.equals(requestPart)) {
       return true;
     } else if (!PolicyFileConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
         && AccessConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
       /* permission request is to match with any object of given type */
       return true;
     } else if(policyPart.getKey().equalsIgnoreCase(AuthorizableType.URI.name())) {
       return impliesURI(policyPart.getValue(), requestPart.getValue());
     }
     return false;
   }

   /**
    * URI is a a special case. For URI's, /a implies /a/b.
    * Therefore the test is "/a/b".startsWith("/a");
    */
   @VisibleForTesting
   protected static boolean impliesURI(String policy, String request) {
     try {
       URI policyURI = new URI(new StrSubstitutor(System.getProperties()).replace(policy));
       URI requestURI = new URI(request);
       if(policyURI.getScheme() == null || policyURI.getPath() == null) {
         LOGGER.warn("Policy URI " + policy + " is not valid. Either no scheme or no path.");
         return false;
       }
       if(requestURI.getScheme() == null || requestURI.getPath() == null) {
         LOGGER.warn("Request URI " + request + " is not valid. Either no scheme or no path.");
         return false;
       }
       // schemes are equal &&
       // request path does not contain relative parts /a/../b &&
       // request path starts with policy path &&
       // authorities (nullable) are equal
       if(policyURI.getScheme().equals(requestURI.getScheme()) &&
           requestURI.getPath().equals(new URI(request).normalize().getPath()) &&
           requestURI.getPath().startsWith(policyURI.getPath()) &&
           Strings.nullToEmpty(policyURI.getAuthority()).equals(Strings.nullToEmpty(requestURI.getAuthority()))) {
         return true;
       }
       return false;
     } catch (URISyntaxException e) {
       LOGGER.warn("Request URI " + request + " is not a URI", e);
       return false;
     }
   }

   @Override
   public String toString() {
     return AUTHORIZABLE_JOINER.join(parts);
   }

   @Override
   public boolean equals(Object o) {
     if (o instanceof WildcardPermission) {
       WildcardPermission wp = (WildcardPermission) o;
       return parts.equals(wp.parts);
     }
     return false;
   }

   @Override
   public int hashCode() {
     return parts.hashCode();
   }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	// copied from apache shiro

	package org.apache.sentry.provider.file;

	import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
	import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;

	import java.io.Serializable;
	import java.net.URI;
	import java.net.URISyntaxException;
	import java.util.List;

	import org.apache.commons.lang.text.StrSubstitutor;
	import org.apache.sentry.core.AccessConstants;
	import org.apache.sentry.core.Authorizable.AuthorizableType;
	import org.apache.shiro.authz.Permission;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	import com.google.common.annotations.VisibleForTesting;
	import com.google.common.base.Preconditions;
	import com.google.common.base.Strings;
	import com.google.common.collect.ImmutableList;
	import com.google.common.collect.Lists;

	// XXX this class is made ugly by the fact that Action is not a Authorizable.
	public class WildcardPermission implements Permission, Serializable {
	private static final Logger LOGGER = LoggerFactory
	.getLogger(WildcardPermission.class);
	private static final long serialVersionUID = -6785051263922740818L;

	private final ImmutableList<KeyValue> parts;

	public WildcardPermission(String wildcardString) {
	wildcardString = Strings.nullToEmpty(wildcardString).trim();
	if (wildcardString.isEmpty()) {
	throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
	}
	List<KeyValue>parts = Lists.newArrayList();
	for (String authorizable : AUTHORIZABLE_SPLITTER.trimResults().split(wildcardString)) {
	if (authorizable.isEmpty()) {
	throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
	}
	parts.add(new KeyValue(authorizable));
	}
	if (parts.isEmpty()) {
	throw new AssertionError("Should never occur: " + wildcardString);
	}
	this.parts = ImmutableList.copyOf(parts);
	}


	@Override
	public boolean implies(Permission p) {
	// By default only supports comparisons with other WildcardPermissions
	if (!(p instanceof WildcardPermission)) {
	return false;
	}

	WildcardPermission wp = (WildcardPermission) p;

	List<KeyValue> otherParts = wp.parts;
	if(equals(wp)) {
	return true;
	}
	int index = 0;
	for (KeyValue otherPart : otherParts) {
	// If this permission has less parts than the other permission, everything
	// after the number of parts contained
	// in this permission is automatically implied, so return true
	if (parts.size() - 1 < index) {
	return true;
	} else {
	KeyValue part = parts.get(index);
	// are the keys even equal
	if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
	return false;
	}
	if (!impliesKeyValue(part, otherPart)) {
	return false;
	}
	index++;
	}
	}
	// If this permission has more parts than
	// the other parts, only imply it if
	// all of the other parts are wildcards
	for (; index < parts.size(); index++) {
	KeyValue part = parts.get(index);
	if (!part.getValue().equals(AccessConstants.ALL)) {
	return false;
	}
	}

	return true;
	}

	private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
	Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
	"Please report, this method should not be called with two different keys");
	if(policyPart.getValue().equals(AccessConstants.ALL) \|\| policyPart.equals(requestPart)) {
	return true;
	} else if (!PolicyFileConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
	&& AccessConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
	/* permission request is to match with any object of given type */
	return true;
	} else if(policyPart.getKey().equalsIgnoreCase(AuthorizableType.URI.name())) {
	return impliesURI(policyPart.getValue(), requestPart.getValue());
	}
	return false;
	}

	/**
	* URI is a a special case. For URI's, /a implies /a/b.
	* Therefore the test is "/a/b".startsWith("/a");
	*/
	@VisibleForTesting
	protected static boolean impliesURI(String policy, String request) {
	try {
	URI policyURI = new URI(new StrSubstitutor(System.getProperties()).replace(policy));
	URI requestURI = new URI(request);
	if(policyURI.getScheme() == null \|\| policyURI.getPath() == null) {
	LOGGER.warn("Policy URI " + policy + " is not valid. Either no scheme or no path.");
	return false;
	}
	if(requestURI.getScheme() == null \|\| requestURI.getPath() == null) {
	LOGGER.warn("Request URI " + request + " is not valid. Either no scheme or no path.");
	return false;
	}
	// schemes are equal &&
	// request path does not contain relative parts /a/../b &&
	// request path starts with policy path &&
	// authorities (nullable) are equal
	if(policyURI.getScheme().equals(requestURI.getScheme()) &&
	requestURI.getPath().equals(new URI(request).normalize().getPath()) &&
	requestURI.getPath().startsWith(policyURI.getPath()) &&
	Strings.nullToEmpty(policyURI.getAuthority()).equals(Strings.nullToEmpty(requestURI.getAuthority()))) {
	return true;
	}
	return false;
	} catch (URISyntaxException e) {
	LOGGER.warn("Request URI " + request + " is not a URI", e);
	return false;
	}
	}

	@Override
	public String toString() {
	return AUTHORIZABLE_JOINER.join(parts);
	}

	@Override
	public boolean equals(Object o) {
	if (o instanceof WildcardPermission) {
	WildcardPermission wp = (WildcardPermission) o;
	return parts.equals(wp.parts);
	}
	return false;
	}

	@Override
	public int hashCode() {
	return parts.hashCode();
	}

	}